Ban every host that tries to connect to the SSH port (inspiration: http://huschi.net/14_360_de-portscan-honeypot-mit-iptables.html )
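#!/bin/sh
# ssh-honeypot: ban, for TIMEOUT seconds, any remote host that sends a TCP
# segment to PORT (default 22). Meant for hosts whose real sshd listens on
# another port, so that any contact with PORT is treated as hostile.
#
# Usage: run as root (iptables/ip6tables need CAP_NET_ADMIN). PORT and
# TIMEOUT may be overridden from the environment, e.g.
#   PORT=2222 TIMEOUT=3600 ./ssh-honeypot.sh
#
# How the chain works (one chain per address family, iptables and ip6tables):
#   1. A rule inserted at the top of INPUT jumps every packet that is not
#      from the loopback address into ssh-honeypot.
#   2. A source already in the "ssh-fraudster" recent list and seen within
#      the last TIMEOUT seconds is DROPped. The rule has no protocol match,
#      so it applies to all of that source's traffic, and --update refreshes
#      the timestamp, so every further packet extends the ban (sliding window).
#   3. The first TCP packet to PORT from a not-yet-listed source adds it to
#      the list and is LOGged; the following rule adds it again and DROPs it.
#   4. Everything else RETURNs to INPUT.
#
# Caveats to check before deploying:
#   - If sshd really listens on PORT, the admin's first connection bans the
#     admin for TIMEOUT seconds; because rule 2 matches all traffic from a
#     listed source, their existing sessions stall as well. Move sshd first.
#   - A single TCP segment with a spoofed source address is enough to put
#     that address into the list, so a third party can get arbitrary peers
#     banned from this host for TIMEOUT seconds. Put accept rules for trusted
#     sources ahead of the INPUT jump if that matters.
#   - The list is bounded by xt_recent's ip_list_tot module parameter;
#     beyond that, older entries are evicted.
#   - The script is idempotent per family: if the ssh-honeypot chain already
#     exists it is left untouched, so re-running does not duplicate rules.

PORT=${PORT:-22}          # destination port treated as the honeypot
TIMEOUT=${TIMEOUT:-600}   # ban duration in seconds, refreshed by each packet from a banned source

for IPTABLE in iptables ip6tables; do
  case "${IPTABLE}" in
    iptables)  LOCALHOST="127.0.0.1" ;;
    ip6tables) LOCALHOST="::1" ;;
  esac

  # Skip a family whose tool is not installed (e.g. no IPv6 userland).
  if ! command -v "${IPTABLE}" >/dev/null 2>&1; then
    printf '%s: not found, skipping\n' "${IPTABLE}" >&2
    continue
  fi

  # Already set up for this family? -n avoids reverse-DNS lookups while listing.
  "${IPTABLE}" -n -L ssh-honeypot >/dev/null 2>&1 && continue

  # Without the chain there is nothing to append rules to; report and move on.
  if ! "${IPTABLE}" -N ssh-honeypot; then
    printf '%s: cannot create chain ssh-honeypot, skipping\n' "${IPTABLE}" >&2
    continue
  fi

  # Insert at position 1 of INPUT so the ban is evaluated before any accept rule.
  "${IPTABLE}" --insert INPUT ! --source "${LOCALHOST}" --jump ssh-honeypot
  # Rule 2: drop (and re-arm the timer for) anything from an already-listed source.
  "${IPTABLE}" --append ssh-honeypot --match recent --update --seconds "${TIMEOUT}" --name ssh-fraudster -j DROP
  # Rule 3: first contact with PORT — record the source, log it, then drop it.
  "${IPTABLE}" --append ssh-honeypot --protocol tcp --match tcp --destination-port "${PORT}" --match recent --name ssh-fraudster --set --jump LOG --log-prefix "[SSH-HONEYPOT on -- ${PORT}] " --log-level 6 --log-ip-options
  "${IPTABLE}" --append ssh-honeypot --protocol tcp --match tcp --destination-port "${PORT}" --match recent --name ssh-fraudster --set --jump DROP
  # Rule 4: hand everything else back to INPUT.
  "${IPTABLE}" --append ssh-honeypot --jump RETURN
done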